# ---- Build Stage ----
FROM golang:1.25-alpine AS builder

WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download

COPY . .

ARG VERSION=dev
ARG COMMIT=none

RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -ldflags="-s -w -X main.version=${VERSION} -X main.commit=${COMMIT} -X main.buildTime=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    -o /bridge ./cmd/bridge

# ---- Runtime Stage ----
FROM scratch

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /bridge /bridge

EXPOSE 8766

# Docker HEALTHCHECK should use: curl -sf https://localhost:8766/healthz || exit 1
# But scratch has no curl — use docker-compose healthcheck or sidecar instead

ENTRYPOINT ["/bridge"]
